laurentsimon

Results 281 issues of laurentsimon

See https://github.com/slsa-framework/slsa-github-generator/issues/2035#issuecomment-1564275318. JReleaser is a "super app" and needs an exception.

type:feature

We may also verify that the material marked with `annotation.source: true` is the same. Could be dangerous since some builders may provide multiple "source" entries. So maybe only use the...

specs:v1.0

We may want to provide an option to verify https://github.com/slsa-framework/slsa-github-generator/issues/1555. This is only needed for generators.

specs:v1.0

Also add tests for the 3 possible values of the default CLI builder ID.

area:tests
e2e
area:npm

/cc @ianlewis

area:npm

We use this function to match the inputs to a workflow https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/slsaprovenance/common.go#L12. We seem to always look at the trigger workflow's input. We may want to change this for our...

type:feature

This will be important when we develop the API, since the API may be used as part of a verification service.

area:hardening
area:api

We currently don't verify that the cert in the bundle is the same as the one in the Rekor entry; we only verify the signatures are the same: https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/bundle.go#L175-L183 We should...

type:feature
area:gha
area:hardening

Use Scorecard, Allstar, for example. Record all settings changes, etc.

area:tooling
type:refactor